<?php
 

define('IN_SCRIPT',1);

/* Get all the required files and functions */
require_once('hd_settings.inc.php');
require_once('language/'.$hd_settings['language'].'.inc.php');
require_once('inc/common.inc.php');

/* Validation messages are collected here and reported through hd_error() further down */
$hd_error_buffer=array();

/*
 * Security image (anti-spam) check, only when enabled in the settings.
 * The submitted code is normalised with hd_isNumber() and compared with the
 * checksum kept in the session by PJ_SecurityImage::checkCode().
 *
 * NOTE(review): $_POST['mysecnum'] and $_SESSION['checksum'] are read without
 * an isset() guard, so a request that omits them raises an undefined-index notice.
 * NOTE(review): this script does not clear $_SESSION['checksum'] after the check.
 * Confirm it is rotated elsewhere so one solved image cannot be reused for
 * several submissions.
 */
if ($hd_settings['secimg_use']) {
    hd_session_start();
    $mysecnum=hd_isNumber($_POST['mysecnum']);
    if (!empty($mysecnum)) {
        require('secimg.inc.php');
        $sc=new PJ_SecurityImage($hd_settings['secimg_sum']);
        if (!$sc->checkCode($mysecnum,$_SESSION['checksum'])) {
            /* Code was supplied but does not match */
            $hd_error_buffer[]=$hdlang['sec_wrng'];
        }
    } else {
        /* No usable code was supplied */
        $hd_error_buffer[]=$hdlang['sec_miss'];
    }
}

/* Print header */
require_once('inc/header.inc.php');

/*
 * Required form fields. Each value is passed through hd_input() (e-mail through
 * hd_validateEmail()); a falsy result, which includes the string "0", queues the
 * matching language message in $hd_error_buffer.
 *
 * NOTE(review): these variables are later interpolated into SQL and into e-mail
 * bodies. Confirm exactly what hd_input() escapes; it is not visible in this file.
 */
$name=hd_input($_POST['name']);
if (!$name) {$hd_error_buffer[]=$hdlang['enter_your_name'];}

$email=hd_validateEmail($_POST['email'],'ERR',0);
if (!$email) {$hd_error_buffer[]=$hdlang['enter_valid_email'];}

$residence=hd_input($_POST['residence']);
if (!$residence) {$hd_error_buffer[]=$hdlang['sel_app_cat'];}

$priority=hd_input($_POST['priority']);
if (!$priority) {$hd_error_buffer[]=$hdlang['sel_app_priority'];}

$subject=hd_input($_POST['subject']);
if (!$subject) {$hd_error_buffer[]=$hdlang['enter_request_subject'];}

$message=hd_input($_POST['message']);
if (!$message) {$hd_error_buffer[]=$hdlang['enter_message'];}


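/*
 * Custom fields.
 *
 * The INSERT into hd_requests further down always interpolates $custom1..$custom5,
 * so all five are initialised to '' here. Without this, a disabled custom field
 * leaves its variable undefined (or holding a stale value) when the query is built.
 *
 * Each enabled field is read from $_POST under its settings key and stored in a
 * variable of the same name (${$k}). The keys come from $hd_settings['custom_fields'],
 * not from the request. NOTE(review): confirm they are limited to custom1..custom5,
 * because any other key would overwrite an arbitrary script variable.
 */
$custom1=$custom2=$custom3=$custom4=$custom5='';

if ($hd_settings['use_custom']) {
    foreach ($hd_settings['custom_fields'] as $k=>$v) {
        if (!$v['use']) {
            continue;
        }

        ${$k}=hd_input($_POST[$k]);
        if ($v['req'] && !${$k}) {
            /* Required custom field left empty */
            $hd_error_buffer[]=$hdlang['fill_all'].': '.$v['name'];
        }

        /* Raw value kept so the form can be re-filled; must be escaped wherever it is printed */
        $_SESSION["c_$k"]=$_POST[$k];
    }
}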


/*
 * Validation failed: remember the raw form values in the session so the user
 * does not have to re-type them, then report every queued message via hd_error().
 *
 * NOTE(review): the session copies are the unescaped $_POST values; the form that
 * prints them back must HTML-escape them.
 * NOTE(review): hd_error() is expected to stop the script. Confirm this, otherwise
 * the invalid request would still be stored below.
 * NOTE(review): `widht` in the table tag is a misspelt attribute, so browsers ignore it.
 */
if (!empty($hd_error_buffer)) {
    /* session slot => form field it is copied from */
    $hd_keep=array(
        'c_name'     => 'name',
        'c_email'    => 'email',
        'c_category' => 'residence',
        'c_priority' => 'priority',
        'c_subject'  => 'subject',
        'c_message'  => 'message'
    );
    foreach ($hd_keep as $hd_slot=>$hd_field) {
        $_SESSION[$hd_slot] = $_POST[$hd_field];
    }

    $problem = '</p>
    <div align="center">
    <table border="0" widht="80%">
    <tr>
    <td>
    <p><b>'.$hdlang['submit_problems'].':</b></p>
    <ul>';
    foreach ($hd_error_buffer as $error) {
        $problem .= '<li>'.$error."</li>\n";
    }
    $problem .= '
    </ul>
    </td>
    </tr>
    </table>
    </div>
    ';
    hd_error($problem);
}

/*
print_r($hd_error_buffer);
print_r($_SESSION);
exit();
*/

/* Prepare the message for storage: hd_makeURL() first (presumably auto-links URLs; confirm), then newlines become <br> */
$message=nl2br(hd_makeURL($message));

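/*
 * Generate tracking ID: six characters drawn from the 30-symbol alphabet below
 * (30^6, roughly 7.3e8, possible values).
 *
 * The ID is placed in the request.php?track= link, so it should not be guessable.
 * random_int() (a CSPRNG, PHP 7+) is used when the runtime provides it; older
 * runtimes fall back to mt_rand(), which is predictable and is not suitable as
 * the only protection for a request.
 *
 * String offsets use [] because the {} form was removed in PHP 8.
 *
 * NOTE(review): nothing here checks that the ID is not already in use; confirm
 * the requestid column is unique or add a retry on collision.
 */
$useChars='AEUYBDGHJLMNPQRSTVWXZ123456789';
$hd_maxIndex=strlen($useChars)-1;
$trackingID='';
for($i=0;$i<6;$i++)
{
    $hd_pick=function_exists('random_int') ? random_int(0,$hd_maxIndex) : mt_rand(0,$hd_maxIndex);
    $trackingID .= $useChars[$hd_pick];
}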
/* Status link for the requester; the tracking ID is the only request-specific token in it */
$trackingURL=$hd_settings['hd_url'].'/request.php?track='.$trackingID;

/*
 * Attachments: try every upload slot from 1 to the configured maximum and keep
 * the non-empty results, indexed by slot number.
 *
 * NOTE(review): all validation of the uploaded files (type, size, stored name,
 * storage location) happens inside hd_uploadFile(), which is not visible here.
 * Confirm it enforces an extension allow-list and stores files where they
 * cannot be executed by the web server.
 */
if ($hd_settings['attachments']['use']) {
    require_once('inc/attachments.inc.php');
    $attachments = array();
    $i = 1;
    while ($i <= $hd_settings['attachments']['max_number']) {
        $att = hd_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
        $i++;
    }
}

/* Filled in while the attachment rows are inserted */
$myattachments='';

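/* Add to database */
require_once('inc/database.inc.php');
hd_dbConnect() or hd_error("$hdlang[cant_connect_db] $hdlang[contact_webmsater] $hd_settings[webmaster_mail]!");

/*
 * One hd_attachments row per uploaded file. $myattachments accumulates
 * "<row id>#<original file name>," for the hd_requests row.
 *
 * On failure the SQL text and the driver error go to the server log only. The
 * page shown to the (anonymous) submitter no longer reveals the statement or
 * the database error.
 *
 * NOTE(review): the values are interpolated straight into the SQL string.
 * real_name is the client-supplied file name; confirm hd_uploadFile() escapes
 * it, or move these queries to prepared statements.
 */
if ($hd_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        $sql = "INSERT INTO `hd_attachments` (`request_id`,`saved_name`,`real_name`,`size`) VALUES ('$trackingID', '$myatt[saved_name]', '$myatt[real_name]', '$myatt[size]')";
        $result = hd_dbQuery($sql);
        if (!$result) {
            error_log('hd_attachments insert failed: '.mysql_error());
            hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
        }
        $myattachments .= hd_dbInsertID() . '#' . $myatt['real_name'] .',';
    }
}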

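/*
 * Store the request itself.
 *
 * NOTE(review): every value is interpolated into the SQL text. $name, $email,
 * $residence, $priority, $subject, $message and the custom fields originate from
 * $_POST, and $myattachments contains client-supplied file names. Their safety
 * depends entirely on the escaping done by hd_input(), hd_validateEmail() and
 * hd_uploadFile(), none of which is visible here. Confirm it, or switch to
 * prepared statements.
 */
$sql = "
INSERT INTO `hd_requests` (
`requestid`,`name`,`email`,`residence`,`priority`,`subject`,`message`,`dt`,`lastchange`,`ip`,`status`,`attachments`,`custom1`,`custom2`,`custom3`,`custom4`,`custom5`
)
VALUES (
'$trackingID','$name','$email','$residence','$priority','$subject','$message',NOW(),NOW(),'$_SERVER[REMOTE_ADDR]','0','$myattachments','$custom1','$custom2','$custom3','$custom4','$custom5'
)
";

/*
 * On failure, log the driver error on the server and show only a generic
 * message: the statement contains the submitter's data and the schema, so it
 * must not be echoed back to the browser.
 */
$result = hd_dbQuery($sql);
if (!$result) {
    error_log('hd_requests insert failed: '.mysql_error());
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
}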

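/*
 * Confirmation e-mail for the requester.
 *
 * The template is read with file_get_contents() and the result is checked. The
 * original fopen()/fread() pair was unchecked, so a missing template produced
 * warnings and an empty e-mail. $message is reused here; the request text has
 * already been stored.
 *
 * NOTE(review): $email is used as the recipient. Confirm hd_validateEmail()
 * rejects line breaks and commas so one submission cannot address extra recipients.
 */
$headers="From: $hd_settings[noreply_mail]\n";
$headers.="Reply-to: $hd_settings[noreply_mail]\n";

$message=file_get_contents('emails/new_request.txt');
if ($message===false) {
    error_log('Cannot read e-mail template emails/new_request.txt; confirmation e-mail not sent');
} else {
    /* Placeholders are replaced in this order, one after another */
    $message=str_replace(
        array('%%NAME%%','%%SUBJECT%%','%%TRACK_ID%%','%%TRACK_URL%%','%%SITE_TITLE%%','%%SITE_URL%%'),
        array($name,$subject,$trackingID,$trackingURL,$hd_settings['site_title'],$hd_settings['site_url']),
        $message
    );

    /* Send e-mail; a failure is logged instead of being silently dropped */
    if (!@mail($email,$hdlang['request_received'],$message,$headers)) {
        error_log('mail() failed for the new-request confirmation');
    }
}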

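/*
 * Need to notify any admins?
 * Collect the addresses of all users with notify=1 who are either administrators
 * or are assigned the residence (category) of this request.
 */
$admins=array();
$sql = "SELECT `email`,`isadmin`,`residences` FROM `hd_users` WHERE `notify`='1'";
$result = hd_dbQuery($sql);
if (!$result) {
    /* Details go to the server log; the submitter only sees a generic message */
    error_log('hd_users notify lookup failed: '.mysql_error());
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
}
while ($myuser=hd_dbFetchAssoc($result))
{
    /* Is this an administrator? */
    if ($myuser['isadmin']) {$admins[]=$myuser['email']; continue;}

    /* Not admin, is he allowed this residence? */
    /* The stored list loses its last character before splitting (presumably a trailing comma; confirm) */
    $res=substr($myuser['residences'], 0, -1);
    $myuser['residences']=explode(',',$res);

    /* NOTE(review): in_array() compares loosely here, so numeric strings such as "1" and "01" match */
    if (in_array($residence,$myuser['residences']))
    {
        $admins[]=$myuser['email'];
    }
}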
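/*
 * Notify staff: one e-mail addressed to every collected address, built from the
 * staff template and linking to the admin view of the request.
 *
 * The template read is checked. The original fopen()/fread() pair was
 * unchecked, so a missing template produced warnings and an empty e-mail.
 *
 * NOTE(review): all recipients share one To: line, so each staff member sees
 * the other addresses.
 */
if (count($admins)>0)
{
    $trackingURL_admin=$hd_settings['hd_url'].'/admin_request.php?track='.$trackingID;

    $email=implode(',',$admins);
    $headers="From: $hd_settings[noreply_mail]\n";
    $headers.="Reply-to: $hd_settings[noreply_mail]\n";

    /* Get e-mail message for staff */
    $message=file_get_contents('emails/new_request_staff.txt');
    if ($message===false) {
        error_log('Cannot read e-mail template emails/new_request_staff.txt; staff notification not sent');
    } else {
        /* Placeholders are replaced in this order, one after another */
        $message=str_replace(
            array('%%NAME%%','%%SUBJECT%%','%%TRACK_ID%%','%%TRACK_URL%%','%%SITE_TITLE%%','%%SITE_URL%%'),
            array($name,$subject,$trackingID,$trackingURL_admin,$hd_settings['site_title'],$hd_settings['site_url']),
            $message
        );

        /* Send e-mail to staff; a failure is logged instead of being silently dropped */
        if (!@mail($email,$hdlang['new_request_submitted'],$message,$headers)) {
            error_log('mail() failed for the staff notification');
        }
    }
} // End if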

/*
 * Confirmation page. The values echoed below come from $hd_settings, $hdlang and
 * the locally generated $trackingID / $trackingURL; no request data is printed
 * in this template.
 * NOTE(review): they are echoed without HTML escaping, so the settings and
 * language files are trusted to hold markup-safe text.
 */
?>
<p class="smaller"><a href="<?php echo $hd_settings['site_url']; ?>"
class="smaller"><?php echo $hd_settings['site_title']; ?></a> &gt;
<a href="index.php?a=start" class="smaller"><?php echo $hd_settings['hd_title']; ?></a>
&gt; <?php echo $hdlang['request_submitted']; ?><br>&nbsp;</p>
</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>

<h3 align="center"><?php echo $hdlang['request_submitted']; ?></h3>

<p>&nbsp;</p>

<p align="center"><?php echo $hdlang['request_submitted_success'].': <b>'.$trackingID;?></b></p>
<p align="center"><a href="<?php echo $trackingURL; ?>"><?php echo $hdlang['view_your_request']; ?></a></p>

<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>

<?php
/* Print the footer and end the request explicitly */
require_once('inc/footer.inc.php');
exit();
?>
